COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-23679

CVE-2024-23679

Severity
critical
Source
NVD · cve
Published
2024-01-19
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-23679

Players implicated

enonic · vendorXP · product

Description

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.